Follow us on Twitter!
The important thing is not to stop questioning. - Albert Einstein
Wednesday, April 23, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 20
Guests Online: 19
Members Online: 1

Registered Members: 82885
Newest Member: ConiBE
Latest Articles

Realistic 2

Arrow Image Help getting through level 2 of realistic missions...



First thing to do is to find the directory the backup exists in. This is pretty obvious!

Next we need to read this part again:

"the backup file is named in this order year, month, day, hour, .sql with no minutes and he also heard that the backup was made on September of 2004. It looks like backup_2004-09-01_1000.sql"

This hints that the backup file name will range from "backup_2004-09-01_1000.sql" to "backup_2004-09-30_2300.sql"

So how do we find the file? Well we could try every URL but that would take forever. Instead we need to write a script that will automatically try each URL. I am good at PHP so if you are take a look at loops and the fopen() function.

Here is a snippet of my code:

$fp = @fopen($url, "r");
if ($fp) {
echo $url;
break;
}


When you find the sql file, it will give you the username and password which is an md5 hash. Dont waste your time brute forcing it, its a dictionary word so try one of those websites that have password dictionaries on them.

Please do not PM me asking for the file, it defeats the idea of a challange!

Good luck :-)

Comments

BluMooseon November 15 2005 - 20:58:58
So the only way around this one is http brute?
masterioron November 15 2005 - 23:11:07
maybe.. i did it differently though.. but this sounds like it works :-p, dont know too much about coding php (javascript is reaaaaallllllly easy lol)
fire-ukon November 16 2005 - 19:25:31
You can do it in any other language, even in javascript as masterior claims. But yes, this mission seems to require the use of brute force unless someone has another idea?
xdanxon November 26 2005 - 17:01:03
ow.............. i have used XmlHttpRequest. It uses ActiveX. i have a variable dan, for example, witch is the response. So, basically i read the "state" of the server. [404 or 200] . httpRequest uses both java and html so i you sholud do a for in that big statement........ good luck all of you [and me, too because i didn't do it] xdanx B)SmileWinkAngry
jonny_cageon May 27 2006 - 19:56:44
Thanx for the tutorial. Made me learn PHP :-)
only_samuraion November 07 2006 - 21:16:24
question....if we're doing this now , do we need to update it to 2005?
TotcoSon February 18 2007 - 05:31:46
lmao. only_samurai
cis_slayeron May 04 2007 - 01:02:33
thats some crazy crap man...php..hate it
IbaiJoeon March 02 2012 - 16:29:45
ok right get in line for insults... how do you use scripts ? Sad
olichipon June 03 2012 - 18:17:58
@IbaiJoe if you mean php scripts, just download XAMPP and search google for more infos
Post Comment

Sorry.

You must have completed the challenge Basic 1 and have 100 points or more, to be able to post.